#ifndef SRC_NODE_REVERT_H_ |
#define SRC_NODE_REVERT_H_ |
#if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS |
#include "node.h" |
/**
 * Note that it is expected for this list to vary across specific LTS and
 * Stable versions! Only CVEs whose fixes require *breaking* changes within
 * a given LTS or Stable may be added to this list, and only with TSC
 * consensus.
 *
 * Every entry names a security fix that Revert() can switch off again, so
 * each addition is a deliberate, reviewed exception rather than a default.
 *
 * For *master* this list should always be empty!
 **/
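namespace node {

// X-macro listing every security fix that may be reverted on this release
// line. Entries take the form XX(code, "CVE label", "title"). The line that
// follows the continuation is a commented-out template, so the list expands
// to nothing here.
#define SECURITY_REVERSIONS(XX)                                               \
//  XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")

// One enumerator (SECURITY_REVERT_<code>) per SECURITY_REVERSIONS entry.
// The enumerator value doubles as a bit index into
// per_process::reverted_cve.
enum reversion {
#define V(code, ...) SECURITY_REVERT_##code,
  SECURITY_REVERSIONS(V)
#undef V
};

namespace per_process {
// Bitmask of reverted fixes: bit N is set by Revert() for the reversion whose
// enumerator value is N. Declared here only; the definition lives elsewhere.
extern unsigned int reverted_cve;
}  // namespace per_process

#ifdef _MSC_VER
#pragma warning(push)
// MSVC C4065: switch statement contains 'default' but no 'case' labels
#pragma warning(disable : 4065)
#endif

// Returns the human-readable "<label>: <title>" string for `cve`, or
// "Unknown" when `cve` does not match any SECURITY_REVERSIONS entry. The
// returned pointer refers to a string literal.
inline const char* RevertMessage(const reversion cve) {
#define V(code, label, msg) case SECURITY_REVERT_##code: return label ": " msg;
  switch (cve) {
    SECURITY_REVERSIONS(V)
    default:
      return "Unknown";
  }
#undef V
}

#ifdef _MSC_VER
#pragma warning(pop)
#endif

// Marks the fix identified by `cve` as reverted for this process and prints a
// warning naming it.
//
// NOTE(review): nothing here checks that `cve` is smaller than the bit width
// of unsigned int; the reversion list has to stay short enough for that.
// NOTE(review): the warning is written with printf, i.e. to stdout, so it can
// be lost or mixed into program output when stdout is redirected. stderr may
// be the better channel -- confirm with callers before changing it.
inline void Revert(const reversion cve) {
  // Shift an unsigned one so the mask has the type of reverted_cve and the
  // top bit can be set without signed-overflow undefined behaviour.
  per_process::reverted_cve |= 1U << cve;
  printf("SECURITY WARNING: Reverting %s\n", RevertMessage(cve));
}

// Reverts the fix whose label (e.g. "CVE-YYYY-NNNN") equals `cve`.
//
// On a match the reversion is applied and `*error` is left untouched. When no
// entry matches, nothing is reverted and `*error` receives a message that
// quotes the rejected label verbatim.
//
// `cve` must be a non-null NUL-terminated string and `error` must be non-null;
// both are dereferenced without a check.
inline void Revert(const char* cve, std::string* error) {
#define V(code, label, _)                                                     \
  if (strcmp(cve, label) == 0) return Revert(SECURITY_REVERT_##code);
  SECURITY_REVERSIONS(V)
#undef V
  *error = "Error: Attempt to revert an unknown CVE [";
  *error += cve;
  *error += ']';
}

// Returns true when Revert() has been called for `cve` in this process.
inline bool IsReverted(const reversion cve) {
  // Same unsigned mask as in Revert(); compare explicitly instead of relying
  // on the implicit integer-to-bool conversion.
  return (per_process::reverted_cve & (1U << cve)) != 0;
}

// Returns true when the fix whose label equals `cve` has been reverted.
// Labels that match no SECURITY_REVERSIONS entry are reported as not
// reverted. `cve` must be a non-null NUL-terminated string.
inline bool IsReverted(const char* cve) {
#define V(code, label, _)                                                     \
  if (strcmp(cve, label) == 0) return IsReverted(SECURITY_REVERT_##code);
  SECURITY_REVERSIONS(V)
#undef V
  return false;
}

}  // namespace node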
#endif // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS |
#endif // SRC_NODE_REVERT_H_ |